similar to: [ANNOUNCE] Xen 4.1.4 released

Checking that multi-page allocations are permitted is unnecessary for PoD population operations. Instead, the (loop invariant) check added for addressing XSA-31 can be moved here. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -99,7 +99,8 @@ static void populate_physmap(struct memo

Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,

Hi, Just wondering if there''s a release of xen 4.1.4 being planned for the near future to bundle up the recent XSA''s? - Nathan _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users

Processing commands for control at bugs.debian.org: > reassign 780227 src:xen Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Bug reassigned from package 'xen-hypervisor-4.1-amd64' to 'src:xen'. No longer marked as found in versions xen/4.1.4-1 and xen/4.1.4-3+deb7u4. No longer marked as fixed in versions

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3496 / XSA-14 version 3 XENMEM_populate_physmap DoS vulnerability UPDATES IN VERSION 3 ==================== Public release. Credit Matthew Daley. ISSUE DESCRIPTION ================= XENMEM_populate_physmap can be called with invalid flags. By calling it with

Processing commands for control at bugs.debian.org: > found 780227 4.1.4-1 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as found in versions xen/4.1.4-1. > fixed 780227 4.1.4-3+deb7u5 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as

The hypervisor side changes for XSA-46 require the tool stack to now always map the guest pIRQ before granting access permission to the underlying host IRQ (GSI). This in particular requires that pciif.py no longer can skip this step (assuming qemu would do it) for HVM guests. This in turn exposes, however, an inconsistency between xend and qemu: The former wants to always establish 1:1 mappings

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

Mapping oldstable-security to oldstable-proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 12 Jun 2015 13:09:44 +0000 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 12 Jun 2015 13:09:44 +0000 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u8

Hello Debian Xen team, I have two questions regarding Xen vulnerability CVE-2015-3456 / XSA-133 / "Venom" in Debian [1]: * I noticed that [1] says 4.4.1-9 not to be vulnerable ("fixed") but according to the Debian Changelog [2] 4.4.1-9 appeared in Debian before XSA-133 was published and xen_4.4.1-9.debian.tar.xz [3] does not seem to contain any XSA-133 patch.

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We''ll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list

(moving to xen-devel, xen-arm is for the older PV ARM port) On Tue, 2013-06-25 at 23:59 +0000, Eric Trudeau wrote: > Hi, I am trying to build the XEN tools for our port of XEN to our > Cortex A15-based platform. > > I am using the repo at git://xenbits.xenproject.org/xen.git to > cross-compile the tools into our rootfs. Which branch/changeset are you using? I've heard that

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: source all amd64 Version: 4.4.1-9+deb8u3

All, I am pleased to announce the release of Xen 4.2.2. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 (tag RELEASE-4.2.2) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html This fixes the following critical vulnerabilities: * CVE-2012-5634 /

Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273